@ashelmire.bsky.social
Microsoft 365 traffic has many other analytical gotchas as well. One example l: Many “failure” events like requesting access to objects you don’t have permission to, aren’t logged.
March 22, 2025 at 6:01 PM
Microsoft 365 traffic has many other analytical gotchas as well. One example l: Many “failure” events like requesting access to objects you don’t have permission to, aren’t logged.
Applying impossible travel techniques to these logs can easily lead to false positives - and at the same time malicious actors can route their traffic through Azure IPs or rely on the m365 web apps to cloak their traffic.
March 22, 2025 at 6:00 PM
Applying impossible travel techniques to these logs can easily lead to false positives - and at the same time malicious actors can route their traffic through Azure IPs or rely on the m365 web apps to cloak their traffic.
